The Cisco 300-206 exam is a very hard exam to successfully pass. Here you will find free Lead2pass Cisco practice sample exam test questions that will help you prepare in passing the 300-206 exam. Lead2pass Guarantees you 100% pass exam 300-206.

A. It provides basic device management for large-scale deployments.B. It provides a GUI for configuring IPS sensors and security modules.C. It enables communication with Cisco ASA devices that have no administrative access.D. It provides greater security than simple ACLs.

Answer: B

QUESTION 78Which three options describe how SNMPv3 traps can be securely configured to be sent by IOS? (Choose three.)

A. An SNMPv3 group is defined to configure the read and write views of the group.B. An SNMPv3 user is assigned to SNMPv3 group and defines the encryption and authentication credentials.C. An SNMPv3 host is configured to define where the SNMPv3 traps will be sent.D. An SNMPv3 host is used to configure the encryption and authentication credentials for SNMPv3 traps.E. An SNMPv3 view is defined to configure the address of where the traps will be sent.F. An SNMPv3 group is used to configure the OIDs that will be reported.

QUESTION 80When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

A. By enabling ARP inspection; however, it cannot be controlled by an ACLB. By enabling ARP inspection or by configuring ACLsC. By configuring ACLs; however, ARP inspection is not supportedD. By configuring NAT and ARP inspection

A. It is preferred for detection-only deployment.B. It is used for installations that require strong network-based protection and that include sensor tuning.C. It is used to boost sensor sensitivity at the expense of false positives.D. It is used to monitor critical systems and to avoid false positives that block traffic.E. It is used primarily to inspect egress traffic, to filter outgoing threats.

A. Internet edges typically have a lower volume of traffic and threats are easier to detect.B. Internet edges typically have a higher volume of traffic and threats are more difficult to detect.C. Internet edges provide connectivity to the Internet and other external networks.D. Internet edges are exposed to a larger array of threats.E. NIPS is more optimally designed for enterprise Internet edges than for internal network configurations.

Answer: CD

QUESTION 87Which statement about the Cisco ASA configuration is true?

A. All input traffic on the inside interface is denied by the global ACL.B. All input and output traffic on the outside interface is denied by the global ACL.C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will bepermitted from the outside back to inside.D. HTTP inspection is enabled in the global policy.E. Traffic between two hosts connected to the same interface is permitted.

Answer: B

QUESTION 88In the default global policy, which traffic is matched for inspections by default?

QUESTION 90An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)

A. The configuration will be updated with MAC addresses from traffic seen ingressing the port.The configuration will automatically be saved to NVRAM if no other changes to the configuration havebeen made.B. The configuration will be updated with MAC addresses from traffic seen ingressing the port.The configuration will not automatically be saved to NVRAM.C. Only MAC addresses with the 5th most significant bit of the address (the ‘sticky’ bit) set to 1 will be learned.D. If configured on a trunk port without the ‘vlan’ keyword, it will apply to all vlans.E. If configured on a trunk port without the ‘vlan’ keyword, it will apply only to the native vlan.

Answer: BE

QUESTION 91Which command configures the SNMP server group1 to enable authentication for members of the access list east?

Answer:Please check the steps in explanation part below:(1) Click on Service Policy Rules, then Edit the default inspection rule.(2) Click on Rule Actions, then enable HTTP as shown here:

(3) Click on Configure, then add as shown here:

(4) Create the new map in ASDM like shown:

(5) Edit the policy as shown:

(6) Hit OK

QUESTION 93Hotspot Questions

Which statement about how the Cisco ASA supports SNMP is true?

A. All SNMFV3 traffic on the inside interface will be denied by the global ACLB. The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c,and 3, but do not support the use of all three versions simultaneously.C. The Cisco ASA and ASASM have an SNMP agent that notifies designated management ,.stations if events occur that are predefined to require a notification, for example, when a link inthe network goes up or down.D. SNMPv3 is enabled by default and SNMP v1 and 2c are disabled by default.E. SNMPv3 is more secure because it uses SSH as the transport mechanism.

Answer: CExplanation:This can be verified by this ASDM screen shot:

QUESTION 94Hotspot Questions

SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it?

A. an SNMP groupB. at least one interfaceC. the SNMP inspection in the global_policyD. at least two interfaces

An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address?

A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP addressB. a username, because traps are only sent to a configured userC. SSH, so the user can connect to the Cisco ASAD. the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic.

Answer: BExplanation:The username can be seen here on the ASDM simulator screen shot:

QUESTION 96Refer to the exhibit. To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host?

A. Host A on a promiscuous port and Host B on a community portB. Host A on a community port and Host B on a promiscuous portC. Host A on an isolated port and Host B on a promiscuous portD. Host A on a promiscuous port and Host B on a promiscuous portE. Host A on an isolated port and host B on an isolated portF. Host A on a community port and Host B on a community port

Answer: E

QUESTION 97Which security operations management best practice should be followed to enable appropriate network access for administrators?